Total
8298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1937 | 1 My-blog Project | 1 My-blog | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. | |||||
| CVE-2023-1923 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-1722 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2024-11-21 | N/A | 9.1 CRITICAL |
| Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | |||||
| CVE-2023-1472 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2024-11-21 | N/A | 6.3 MEDIUM |
| The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others. | |||||
| CVE-2023-1033 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | |||||
| CVE-2023-1029 | 1 Joomunited | 1 Wp Meta Seo | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-0999 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0988 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | |||||
| CVE-2023-0870 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | N/A | 8.1 HIGH |
| A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
| CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0674 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | |||||
| CVE-2023-0642 | 1 Squidex.io | 1 Squidex | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | |||||
| CVE-2023-0438 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0406 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0088 | 1 Swifty Page Manager Project | 1 Swifty Page Manager | 2024-11-21 | N/A | 8.8 HIGH |
| The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-4944 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | |||||
| CVE-2022-4867 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
| CVE-2022-4850 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4849 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |||||